For the second time in the Android operating system’s history, Google has used its mighty powers to delete an offending (if not downright malicious) series of applications from owners’ phones. The move comes as a response to the “Droid Dream” series of attacks that were born in the Android Market this past Tuesday.
In them, malicious code appended to legitimate applications—likely downloaded through a third-party Android app store instead of Google’s official Android Market—collected data from users phones and shipped that information off to a third-party server. Google, however, notes that the information accessed was nothing critical… this time.
“For affected devices, we believe that the only information the attacker(s) were able to gather was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device),” writes Rich Cannings, Android Security Lead, in a Google Mobile Blog post.
“But given the nature of the exploits, the attacker(s) could access other data, which is why we’ve taken a number of steps to protect those who downloaded a malicious application,” he added.
These steps included the removal of the offending applications from the Android Market—around 50—within minutes of Google learning about the issue. In addition to this, Google fired up its remote nuking capabilities, otherwise known as its “remote application removal feature,” to delete the applications from users’ phones. Affected users may get notifications that the applications have been removed from their phones, although Google also plans to email those whose Android devices were compromised by the attacks.
Google has also crafted up a security update that it’ll be pushing to phones affected by “Droid Dream,” which should mitigate further information leaks or access by the malware-laden applications. Users whose phones were hit by the attack will see an update entitled, “Android Market Security Tool March 2011,” which should push directly to Android phones over the next 72 hours.
As mentioned, this is only the second time in Android’s history where Google has opted to use its remote-application-deleting capabilities to fight compromised or malware-driven applications. In the first instance, Google remote-deleted two free applications built by a security researcher in June of 2010.
The apps themselves didn’t have a malicious purpose behind them, nor did they access any kind of private data within one’s phone. Google nevertheless took offense to the apps’ misrepresentations on the Android Market—used to drive more downloads to the programs themselves—and engaged its kill-switch to “complete the cleanup,” once said security researcher voluntarily removed the offending applications from the Android Market itself.
Copyright © 2010 Ziff Davis Publishing Holdings Inc.